Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0490 | 1 Open-realty | 1 Open-realty | 2025-04-09 | N/A |
| index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. | ||||
| CVE-2007-0491 | 1 Sky Gunning | 1 Myspeach | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information. | ||||
| CVE-2007-0497 | 1 Upload-service | 1 Upload-service | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter. | ||||
| CVE-2007-0498 | 1 Sky Gunning | 1 Myspeach | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. | ||||
| CVE-2007-0507 | 1 Drupal | 1 Acidfree | 2025-04-09 | N/A |
| SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. | ||||
| CVE-2007-0503 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. | ||||
| CVE-2007-0504 | 1 Vote Pro | 1 Vote Pro | 2025-04-09 | N/A |
| Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632. | ||||
| CVE-2007-1440 | 1 Jgbbs | 1 Jgbbs | 2025-04-09 | N/A |
| SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter. | ||||
| CVE-2007-0512 | 1 Hitachi | 2 Tpi Link, Tpi Server Base | 2025-04-09 | N/A |
| Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port. | ||||
| CVE-2007-0517 | 1 Scriptsez | 1 Random Php Quote | 2025-04-09 | N/A |
| Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | ||||
| CVE-2007-0518 | 1 Scriptsez | 1 Smart Php Subscriber | 2025-04-09 | N/A |
| Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | ||||
| CVE-2007-0529 | 1 Php Link Directory | 1 Php Link Directory | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality. | ||||
| CVE-2007-0530 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use | ||||
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2025-04-09 | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | ||||
| CVE-2007-0546 | 1 Toxiclab | 1 Shoutbox | 2025-04-09 | N/A |
| Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb. | ||||
| CVE-2007-0550 | 1 212cafe | 1 212cafeboard | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter. | ||||
| CVE-2007-0563 | 1 Symantec | 1 Web Security | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. | ||||
| CVE-2007-0560 | 1 Asp Edge | 1 Asp Edge | 2025-04-09 | N/A |
| SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||
| CVE-2007-0562 | 1 Microsoft | 1 Windows Explorer | 2025-04-09 | N/A |
| Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. | ||||
| CVE-2007-0569 | 1 X-dev | 1 Xnews | 2025-04-09 | N/A |
| SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action. | ||||